id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
10056,href not sanitized in media uploader,Denis-de-Bernardy,,"There are lines such as:

{{{
if ( !empty($_POST['insertonlybutton']) ) {
	$href = $_POST['insertonly']['href'];
	if ( !empty($href) && !strpos($href, '://') )
		$href = ""http://$href"";
}}}

They should get an additional:

{{{
$href = esc_url_raw($href); // for the filter
}}}

and the link should use esc_url($href)",defect (bug),closed,high,2.9,Media,2.8,normal,fixed,has-patch,
